Business Continuity Planning (BCP) is one of those buzzwords that is easy to talk about, but hard to put into practice.
Virtually every business recognizes the importance of BCP. They know that they need a way to handle disaster recovery, business resilience and continuity when problems like cyberattacks or infrastructure failures threaten to disrupt the resources they depend on.
However, where many maritime and logistics companies falter in their approach to BCP is failing to recognize that BCP is about more than just Disaster Recovery Planning (DRP) and technical remediation. It also involves crisis management, which is a cross-organizational function rather than a purely technical one. And if you conflate BCP with DRP alone, you are probably failing to make the complete preparations that are necessary to protect your business when the unexpected happens.
What is Disaster Recovery Planning?
Disaster Recovery Planning (DRP) refers to:
- The technical procedures, actions and capabilities that are required to recover and restore disrupted IT systems
- the data and applications they host
- the processes that they require to run in the event of an unexpected failure
DRP falls completely within the realm of IT departments. Teams like security may assist in the event that a disruption is triggered by a cyberattack, but restoring and recovering systems the maritime industry relies on is a technical, IT-driven function. You don’t need your executives, customer support team or legal team involved in DRP.
What is Business Continuity Planning?
Business Continuity Planning is the set of processes required to restore a required level of business functionality following an unexpected attack.
BCP partly involves the technical functions of DRP, but it’s about much more than DRP alone. Successful BCP also requires effective crisis management.
Crisis management is a cross-organizational function that demands the coordination of a variety (in many cases, all) of departments. Its main goal is to minimize damage to the company’s employees and stakeholders, ability to continue operations, as well as financial performance and reputation in the wake of an incident. In the maritime industry there is an additional layer of complexity, resulting from the different infrastructures and geographical dispersion of stakeholders to consider.
In addition to recovery of the systems by the IT team, crisis management usually requires PR departments to manage the release of information to the press, social media outlets, and port and terminal employees . Customer relations often have to contact clients to ensure they know how an incident affects them. Executives may need to reach out directly to high-profile customers to discuss delayed deliveries. And so on.
Without these non-technical components, BCP falls short of guaranteeing that the business can actually recover fully from an incident.
Crisis Management Planning for Maritime
As you devise a crisis management strategy that addresses the full scope of business requirements following an incident, ask questions like:
- Who are the relevant stakeholders involved in the management of a crisis? Keep in mind that some stakeholders (such as partners and customers) may be external to your business. They must still be looped into the crisis management process.
- Who oversees crisis management? Identify who will take charge when a crisis occurs, and determine the responsibilities and level of authority of each member of the crisis response team.
- What are the priorities? What are your main goals during a crisis? Which aspects of the business do you want to protect and restore first? For instance, is it more important to protect customer accounts or to control the media narrative that develops following an incident?
- What are the critical processes that must continue to operate? At which level of service/productivity? What is the minimal amount of critical data required for it? And how can this data be made available for the operation and commercial teams in spite of the cyber attack? What contingencies should be put in place beforehand, to enable the operational continuity of the critical processes?
- What is the communication plan? How will you share information – both internally, with port and terminal employees, and externally, with partners, customers and the media – during a crisis?
When you can answer these questions, you are in a position to pivot quickly from business-as-usual mode, to crisis mode in the face of an unexpected problem.
Don’t Conflate BCP with DRP
In short, although it’s easy to conflate buzzwords like Business Continuity Planning with Disaster Recovery Planning, doing so is a big mistake.
DRP is one component of BCP because DRP allows technical teams to restore the various complex maritime IT systems following an outage. That’s one step toward restoring normal business operations and guaranteeing business continuity.
However, equally important parts of the BCP process include:
- Maintaining certain required level of operational continuity and customer support even with crippled IT systems
- Identifying and communicating with internal and external stakeholders
- Taking steps to protect your business’s reputation
- Managing potential legal consequences of an outage
Without these additional steps, you may restore your IT systems only to discover that your maritime business remains non-operational, unable to handle loading and unloading deliveries, or that it has suffered much greater harm than necessary to finances or its reputation. And if you can’t protect your business, you haven’t achieved very effective business continuity.
This is where we can bring in our expertise in the maritime industry to help your business. After a threat assessment, Cyberstar’s experts will tailor a business continuity strategy to your business: